On 3 Sep 2004 at 9:05, Kelson wrote: > If it does > match, you can move on to accreditation (such as "SPF has verified that > this came from knownspammer.biz, therefore I can safely reject it" or > "SPF has verified that this came from mybusinesspartner.tld, therefore I > can accept it with less filtering."
The second part, I can see. The first isn't possible due to the fact that domains cost basically nothing to buy. A bad guy can have 50 domains waiting in the wings, and send SPF-accurate SPAM from each one until they start getting caught by rules like you say. Then, they move on to the next domain. Multiply that by thousands of bad guys, and life sucks. On the other hand, although your second filter is accurate, it's not necessary. All legitimate e-mail gets through right now, and auto- whitelisting with SpamAssassin gives me the same thing that SPF is supposed to: large "non-SPAM" scores for e-mail that comes from people I regularly do business with. BTW, I *have* had e-mail rejected because my SPF record wasn't 100% correct (I forgot an alternate name for a listserver). -- Jeff Rife | "Grab a shovel...I'm only one skull SPAM bait: | short of a Mouseketeer reunion." [EMAIL PROTECTED] | [EMAIL PROTECTED] | -- Bender, "Futurama" _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
